Monday, April 20, 2009

Customers are fair game, but don't mess with employee (my?) data!

http://www.switched.com/2009/04/18/myspace-fires-employee-after-data-breach/

MySpace Fires Employee After Data Breach

by Warren Riddle — Apr 18th 2009 at 8:03AM

… On Monday, workers for the social networking site learned of a data breach orchestrated by a fellow employee, who collected names, Social Security numbers and compensation information of many of his co-workers. Fox Entertainment Group (the company that operates MySpace) sent e-mails to all employees alerting them to the incident, and assured them that no bank account or medical information was compromised.

Fox Entertainment promptly terminated the perpetrator; a departure from the typical MySpace and Facebook firing stories we often cover here at Switched. The internal e-mail, which was forwarded to TechCrunch, told employees that the thief used the acquired data to "annoy selected individuals," but did not send the information to any third parties.



An illustration of your lack of privacy.

http://www.readwriteweb.com/archives/identify_google_people_with_two_keystrokes.php

Identify: Google People With Two Keystrokes

Written by Marshall Kirkpatrick / April 18, 2009 11:54 PM

… About this time last year Google's Brad Fitzpatrick, also the creator of OpenID, led the development of the Google Social Graph API. It's a search engine for all the webpages that we identify as profiles online and it tracks the connections between pages linked together for a single person. At a small event today in Sebastopol, California, British developer Glenn Jones demonstrated the most compelling tool I've seen yet for leveraging this powerful technology.

Called simply Identify, Jones's tool is a Firefox plug-in you can evoke from any web page that has links tagged rel="me". Just click the control key and the "i" key to get a pop-up offering information put together from all around the web about the person the page is associated with. It works on Twitter profile pages, LinkedIn pages, blogs with good markup and other profile pages.



Gosh, they must be pirates or something.

http://digg.com/tech_news/TPB_FTW_The_Pirate_Bay_Blog

TPB FTW - The Pirate Bay Blog

thepiratebay.org — The Pirate Bay guys explain in their latest blog post that they do not want donations since they won't pay those "silly" fines. Instead, they want you to seed a bit more, buy a shirt, and vote!



In the 70's, no one thought much about encryption.

http://www.wired.com/politics/security/news/2009/04/fleetcom

The Great Brazilian Sat-Hack Crackdown

By Marcelo Soares

CAMPINAS, Brazil — On the night of March 8, cruising 22,000 miles above the Earth, U.S. Navy communications satellite FLTSAT-8 suddenly erupted with illicit activity. Jubilant voices and anthems crowded the channel on a junkyard's worth of homemade gear from across vast and silent stretches of the Amazon: Ronaldo, a Brazilian soccer idol, had just scored his first goal with the Corinthians.

… "This had been happening for more than five years," says Celso Campos, of the Brazilian Federal Police. "Since the communication channel was open, not encrypted, lots of people used it to talk to each other."



We could, but we don't?

http://news.cnet.com/8301-1009_3-10222698-83.html?part=rss&subj=news&tag=2547-1_3-0-5

Secure software? Experts say it's no longer a pipedream

by Elinor Mills April 20, 2009 4:00 AM PDT

Last year, Microsoft began offering free SDL tools so outside developers can assess their practices and analyze their software designs to look for security weaknesses.

The tools for writing secure code are getting better, so developers are less likely to make mistakes, said Johannes Ullrich, chief security researcher at the SANS Institute security organization.

Microsoft isn't alone in providing help to the developer community. HP is offering a free tool that helps find holes in Flash applications, and last week announced tools that nonsecurity professionals can use to do security testing. IBM sells a tool for Flash and Ajax developers, and last week the CERT Coordination Center at Carnegie Mellon released an open-source tool for testing ActiveX code.

… A Forrester survey commissioned by Veracode and released last week found that only 34 percent of companies have a comprehensive software development lifecycle process that integrates application security and 57 percent of organizations don't have systematic application security training programs for developers.



What strategic business objective does this accomplish?

http://yro.slashdot.org/article.pl?sid=09/04/20/0126246&from=rss

eReader.com Limits E-book Sales To US Citizens

Posted by timothy on Sunday April 19, @11:07PM from the geography-is-destiny dept. Books

An anonymous reader writes

"eReader.com seems to have begun applying distribution restrictions to its library. I first noticed that there was a FAQ page about distribution restrictions this morning. When I tried to order a few books this afternoon I simply couldn't — a large banner on the order confirmation told me the books had distribution restrictions. I checked a number of titles but it seems a large number of books are no longer available to non-US citizens like me. It is interesting to note that this policy change got implemented shortly after Barnes&Noble purchased Fictionwise. I have no idea if the new owners are behind this new policy but it seems crazy to restrict sales of ebooks. I've bought dozens of ebooks from eReader the past 4 years. I still have 15 dollar store credit but cannot buy any of the books I am interested in."

(Right now, the link that should display these new geographic restrictions returns an error message that says the page is being updated.) Sounds like Barnes & Noble is taking its cues from Apple.
